// File generated from our OpenAPI spec by Stainless. See CONTRIBUTING.md for details.

package sso_connector

import (
	"context"

	"github.com/cloudflare/terraform-provider-cloudflare/internal/customfield"
	"github.com/hashicorp/terraform-plugin-framework-timetypes/timetypes"
	"github.com/hashicorp/terraform-plugin-framework-validators/stringvalidator"
	"github.com/hashicorp/terraform-plugin-framework/resource"
	"github.com/hashicorp/terraform-plugin-framework/resource/schema"
	"github.com/hashicorp/terraform-plugin-framework/resource/schema/booldefault"
	"github.com/hashicorp/terraform-plugin-framework/resource/schema/boolplanmodifier"
	"github.com/hashicorp/terraform-plugin-framework/resource/schema/planmodifier"
	"github.com/hashicorp/terraform-plugin-framework/resource/schema/stringplanmodifier"
	"github.com/hashicorp/terraform-plugin-framework/schema/validator"
)

var _ resource.ResourceWithConfigValidators = (*SSOConnectorResource)(nil)

func ResourceSchema(ctx context.Context) schema.Schema {
	return schema.Schema{
		Attributes: map[string]schema.Attribute{
			"id": schema.StringAttribute{
				Description:   "SSO Connector identifier tag.",
				Computed:      true,
				PlanModifiers: []planmodifier.String{stringplanmodifier.UseStateForUnknown()},
			},
			"account_id": schema.StringAttribute{
				Description:   "Account identifier tag.",
				Required:      true,
				PlanModifiers: []planmodifier.String{stringplanmodifier.RequiresReplace()},
			},
			"email_domain": schema.StringAttribute{
				Description:   "Email domain of the new SSO connector",
				Required:      true,
				PlanModifiers: []planmodifier.String{stringplanmodifier.RequiresReplace()},
			},
			"begin_verification": schema.BoolAttribute{
				Description:   "Begin the verification process after creation",
				Computed:      true,
				Optional:      true,
				PlanModifiers: []planmodifier.Bool{boolplanmodifier.RequiresReplaceIfConfigured()},
				Default:       booldefault.StaticBool(true),
			},
			"enabled": schema.BoolAttribute{
				Description: "SSO Connector enabled state",
				Optional:    true,
			},
			"use_fedramp_language": schema.BoolAttribute{
				Description: "Controls the display of FedRAMP language to the user during SSO login",
				Computed:    true,
				Optional:    true,
				Default:     booldefault.StaticBool(false),
			},
			"created_on": schema.StringAttribute{
				Description: "Timestamp for the creation of the SSO connector",
				Computed:    true,
				CustomType:  timetypes.RFC3339Type{},
			},
			"updated_on": schema.StringAttribute{
				Description: "Timestamp for the last update of the SSO connector",
				Computed:    true,
				CustomType:  timetypes.RFC3339Type{},
			},
			"verification": schema.SingleNestedAttribute{
				Computed:   true,
				CustomType: customfield.NewNestedObjectType[SSOConnectorVerificationModel](ctx),
				Attributes: map[string]schema.Attribute{
					"code": schema.StringAttribute{
						Description: "DNS verification code. Add this entire string to the DNS TXT record of the email domain to validate ownership.",
						Computed:    true,
					},
					"status": schema.StringAttribute{
						Description: "The status of the verification code from the verification process.\nAvailable values: \"awaiting\", \"pending\", \"failed\", \"verified\".",
						Computed:    true,
						Validators: []validator.String{
							stringvalidator.OneOfCaseInsensitive(
								"awaiting",
								"pending",
								"failed",
								"verified",
							),
						},
					},
				},
			},
		},
	}
}

func (r *SSOConnectorResource) Schema(ctx context.Context, req resource.SchemaRequest, resp *resource.SchemaResponse) {
	resp.Schema = ResourceSchema(ctx)
}

func (r *SSOConnectorResource) ConfigValidators(_ context.Context) []resource.ConfigValidator {
	return []resource.ConfigValidator{}
}
